Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-21686 | Code Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce platform. | 9.8 |
| 2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 6.1 |
| 2021-12-07 | CVE-2021-43789 | Unspecified vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 9.8 |
| 2021-03-31 | CVE-2021-21418 | Unspecified vulnerability in Prestashop PS Emailsubscription 2.6.0 ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | 5.4 |
| 2021-03-30 | CVE-2021-21398 | Unspecified vulnerability in Prestashop 1.7.7.0/1.7.7.1/1.7.7.2 PrestaShop is a fully scalable open source e-commerce solution. | 5.4 |
| 2021-02-26 | CVE-2021-21308 | Unspecified vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 9.1 |
| 2021-02-26 | CVE-2021-21302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 7.2 |
| 2021-01-20 | CVE-2021-3110 | SQL Injection vulnerability in Prestashop 1.7.7.0 The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | 9.8 |
| 2020-12-03 | CVE-2020-26248 | SQL Injection vulnerability in Prestashop Productcomments In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. | 8.2 |
| 2020-11-16 | CVE-2020-26225 | Unspecified vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0 In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. | 6.1 |